Block outbound port 25 to prevent direct-out spammers



Last Modified: Oct 18, 2016, 3:11 pm
If you're not running a firewall, or are running one in its default state, Users are often not blocked from sending on port 25 directly to remote mail servers. Mail sent this way bypasses Exim, which is undesirable because you wouldn't have any way of tracking it.

Related change to our block_ip.sh iptables script

We recommend that you block outbound port 25 for all Users, allowing only "mail" and "root".
"mail" is the user Exim uses to deliver outbound messages, and "root" is left for manual testing/debugging.

If you're running CSF, set the following value:

SMTP_BLOCK = "1"

while the block_ip iptables script will do this by default.



If you test manually and the block is working, you'd see something like this:

[root@server ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@server ~]# su - admin
[admin@server ~]$ telnet directadmin.com 25
Trying 216.144.255.179...
telnet: connect to address 216.144.255.179: Connection refused
[admin@server ~]$ logout
[root@server ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@server ~]# telnet directadmin.com 25
Trying 216.144.255.179...
Connected to directadmin.com.
Escape character is '^]'.
220 jbmc-software.com ESMTP Exim 4.86.2 Fri, 08 Apr 2016 16:06:28 -0600
QUIT
221 jbmc-software.com closing connection
Connection closed by foreign host.
[root@server ~]#

But if your "admin" account can still connect to a remote server on port 25, then the block isn't working yet.
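
To check the firewall rules themselves rather than testing one account at a time, the following added example (not part of the original helpfile or of block_ip.sh) reads rules in `iptables -S OUTPUT` format and reports whether port 25 is refused for everyone except the allowed UIDs. The function names, the sample rules, the use of the OUTPUT chain and UID 8 for "mail" are assumptions; confirm the UID with `id -u mail`.

```shell
#!/bin/sh
# Added example: audit rules in `iptables -S OUTPUT` format read from stdin.
# $1 = numeric UIDs allowed to send on port 25 (assumed: 0=root, 8=mail).
audit_smtp_block() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        verdict = "NO_BLOCK"      # no reject/drop rule for port 25 seen yet
    }
    # Skip anything that is not an OUTPUT rule for TCP destination port 25.
    !/^-A OUTPUT / || !/ --dport 25( |$)/ { next }
    {
        target = ""; uid = ""; lo = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "--uid-owner") uid = $(i + 1)
            if ($i == "-o" && $(i + 1) == "lo" && $(i - 1) != "!") lo = 1
        }
        if (lo) next              # loopback submission to the local Exim
        if (target == "ACCEPT" && uid != "") {
            if (!(uid in ok)) extra = extra " " uid   # unexpected exemption
            next
        }
        # The first rule that applies to every user decides the outcome.
        if (uid == "" && target == "ACCEPT") { verdict = "OPEN"; exit }
        if (uid == "" && (target == "REJECT" || target == "DROP")) {
            verdict = "BLOCKED"; exit
        }
    }
    END {
        if (verdict == "BLOCKED" && extra != "")
            verdict = "BLOCKED_WITH_EXTRA_UIDS" extra
        print verdict
        exit(verdict == "BLOCKED" ? 0 : 1)
    }'
}

# Constructed sample rules (not taken from a real server).
sample_rules() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 8 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset
EOF
}
sample_rules | audit_smtp_block "0 8"
```

On a live server, run `iptables -S OUTPUT | audit_smtp_block "0 $(id -u mail)"` as root. Rules kept in a separate chain that OUTPUT jumps to are not followed, so a NO_BLOCK result there means the check needs to be pointed at that chain.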
 

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST